From Secunia advisory:
A vulnerability has been reported in Smarty, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error when processing data with embedded variables. This can be exploited to potentially execute arbitrary PHP code.
This vulnerability is reported in version 2.6.19.
References:
http://secunia.com/advisories/32329/http://bugs.gentoo.org/show_bug.cgi?id=243856